URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
IP addresses
The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-04-27 13:44:24 | 91.227.16.6 | pxe1.host-food.ru | Not listed | AS207027 Eximius-AS |  RU | yes |
| 2023-10-09 13:29:05 | 91.227.16.22 | srv22.host-food.ru | Not listed | AS207027 Eximius-AS | RU | no |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2023-10-15 06:06:04 | http://h171008.srv22.test-hf.su/timeSync.exe | Offline | 32 exe MarsStealer Stealc |  zbetcheckin |
| 2023-10-14 18:13:05 | http://h171008.srv22.test-hf.su/192.exe | Offline | exe zgRAT |  dms1899 |
| 2023-10-09 13:29:05 | http://h171008.srv22.test-hf.su/188.exe | Offline | cutwail  dropped-by-SmokeLoader |  Casperinous |
The table below shows recent payloads delivery by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2023-10-15 17:23:47 | c24772e95123aabc57d0748f538f1453ab2bb70ccae01ead7f777b1a9cd30b77 | exe | MarsStealer | |
| 2023-10-15 06:06:04 | fa3624f4be5119d36ae2edc33860d829199e79c77c81cb4aa52a2f07b8af5da9 | exe | Stealc | |
| 2023-10-14 18:13:05 | e000e93034aa809e36c2c270db09f90d9f68949645c3c6d3c7922ebec2b01f13 | exe | zgRAT | |
| 2023-10-09 13:29:05 | e5b9eabbf14369df477f37f566fc590f3869d82ee9884026f7fd6ed3aecd7d1d | exe | Cutwail |